Forum Discussion

Eray_27463's avatar
Eray_27463
Icon for Nimbostratus rankNimbostratus
Oct 25, 2007

Passing the credentials to the Load Balancer

Right now this's the way I initialize my F5 functions..

 

m_interfaces.initialize(LoadBalancerAddress, UserName, Password);

 

 

I don't want to hardcode username and password, and I don't want to store these credentials in plain text file. So how do people solve this security problem?

 

 

Thanks,

 

Eray

 

dev
devops
iControl

2 Replies

Sort By
  • Andy_Herrman_22's avatar
    Andy_Herrman_22
    Icon for Nimbostratus rankNimbostratus
    Oct 25, 2007
    Well, you could come up with some kind of encryption and store the values in a text file using that, but since you would be hard-coding the encryption someone could probably reverse engineer it.

     

     

    The only real way to not hard-code the values or put them in a config file would be to ask the user when the program starts, but that would only really work if it was a user app and not a service.
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Oct 29, 2007
    Agreed that hard coding is most likely not a good idea. You can either store the creds locally, or prompt the user for the credentials. If your application is going to be spread out among lots of people, then you should create multiple accounts for the end users (not the default admin account) and limit their privileges depending on what the application does (read-only vs. read-write). Also, I would make sure that that user doesn't have console privileges.

     

     

    It's really a chicken and egg problem. You don't want the users to have login credentials but you need credentials to login to the device.

     

     

    Another option could be to build a secured webservice if your your own that your app calls to request credentials. That way the app never has the credentials hard coded and the credentials are secured everywhere in the chain.

     

     

    Good luck!

     

     

    -Joe